OpenSSL Heartbleed Vulnerability
Issued: April 09, 2014
Updated: May 12, 2014
CA Technologies is investigating an OpenSSL vulnerability, referred to as the "Heartbleed bug" that was publicly disclosed on April 07, 2014. CVE identifier CVE-2014-0160 has been assigned to this vulnerability. CA Technologies has confirmed that the majority of our product portfolio is unaffected. There are, however, several products that used vulnerable versions of OpenSSL 1.0.1 and consequently may be affected. CA Technologies will update this site as additional information becomes available.
These products may be affected:
CA ARCserve D2D for Windows 16.5
CA ARCserve D2D for Linux 16.5, 16.5SP1
CA ARCserve High Availability 16.5, 16.5SP1, 16.5SP2 (SP2 build less than 3800)
CA ARCserve Replication 16.5, 16.5SP1, 16.5SP2 (SP2 build less than 3800)
CA ARCserve Unified Data Protection (Release Candidate)
CA ecoMeter 3.1.1, 3.1.2, 4.0.00, 4.0.01, 4.0.02, 4.1.00, 4.1.01, 4.2.00
CA eHealth 6.3.0.05 thru 6.3.2.04 (all platforms affected)
CA Layer 7 API Gateway 8.1 (installed but not used by default)
CA Layer 7 API Portal 2.6
CA Layer 7 Mobile Access Gateway 8.1 (installed but not used by default)
CA Mobile Device Management 2014 Q1
CA XCOM Data Transport – Only the Windows 64-bit XCOM application is affected.
Note: At this time, no other CA Technologies products have been identified as potentially vulnerable.
Fixes for all potentially affected products have been published in the Vulnerability Alerts section of the CA Technologies Support Online site.
CVE-2014-0160 - OpenSSL Heartbleed vulnerability
v1.0: 2014-04-09, Initial Release
v1.1: 2014-04-10, Added DataMinder
v1.2: 2014-04-10, Added ARCserve products, updated DataMinder info, updated eHealth info, updated MDM info.
v1.3: 2014-04-10, Updated statement, updated Layer 7 Gateway info.
v1.4: 2014-04-11, DataMinder confirmed NOT vulnerable.
v1.5: 2014-04-14, Added solution information.
v1.6: 2014-04-14, Updated Layer 7 info.
v1.7: 2014-04-14, Updated XCOM Data Transport affected product info.
v1.8: 2014-04-19, Modified affected versions for ARCserve D2D for Windows, ARCserve High Availability, ARCserve Replication, eHealth. Added ecoMeter to affected products.
v1.9: 2014-04-24, Modified ARCserve RHA affected versions.
v2.0: 2014-05-12: Modified Solution section to indicate that fixes for all products are now available.
If additional information is required, please contact CA Technologies Support at https://support.ca.com.
If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team at email@example.com.
CA Technologies Product Vulnerability Response Team PGP Key